Ghost/core/server/utils/index.js

var unidecode  = require('unidecode'),
    _          = require('lodash'),

    utils,
    getRandomInt;

/**
 * Return a random int, used by `utils.uid()`
 *
 * @param {Number} min
 * @param {Number} max
 * @return {Number}
 * @api private
 */
getRandomInt = function (min, max) {
    return Math.floor(Math.random() * (max - min + 1)) + min;
};

utils = {
    /**
     * Timespans in seconds and milliseconds for better readability
     */
    ONE_HOUR_S:          3600,
    ONE_DAY_S:          86400,
    ONE_YEAR_S:      31536000,
    ONE_HOUR_MS:      3600000,
    ONE_DAY_MS:      86400000,
    ONE_WEEK_MS:    604800000,
    ONE_MONTH_MS:  2628000000,
    ONE_YEAR_MS:  31536000000,

    /**
     * Return a unique identifier with the given `len`.
     *
     *     utils.uid(10);
     *     // => "FDaS435D2z"
     *
     * @param {Number} len
     * @return {String}
     * @api private
     */
    uid: function (len) {
        var buf = [],
            chars = 'ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789',
            charlen = chars.length,
            i;

        for (i = 1; i < len; i = i + 1) {
            buf.push(chars[getRandomInt(0, charlen - 1)]);
        }

        return buf.join('');
    },
    safeString: function (string, options) {
        options = options || {};

        // Handle the £ symbol separately, since it needs to be removed before the unicode conversion.
        string = string.replace(/£/g, '-');

        // Remove non ascii characters
        string = unidecode(string);

        // Replace URL reserved chars: `:/?#[]!$&()*+,;=` as well as `\%<>|^~£"`
        string = string.replace(/(\s|\.|@|:|\/|\?|#|\[|\]|!|\$|&|\(|\)|\*|\+|,|;|=|\\|%|<|>|\||\^|~|"|–|—)/g, '-')
            // Remove apostrophes
            .replace(/'/g, '')
            // Make the whole thing lowercase
            .toLowerCase();

        // We do not need to make the following changes when importing data
        if (!_.has(options, 'importing') || !options.importing) {
            // Convert 2 or more dashes into a single dash
            string = string.replace(/-+/g, '-')
                // Remove trailing dash
                .replace(/-$/, '')
                // Remove any dashes at the beginning
                .replace(/^-/, '');
        }

        // Handle whitespace at the beginning or end.
        string = string.trim();

        return string;
    },
    // The token is encoded URL safe by replacing '+' with '-', '\' with '_' and removing '='
    // NOTE: the token is not encoded using valid base64 anymore
    encodeBase64URLsafe: function (base64String) {
        return base64String.replace(/\+/g, '-').replace(/\//g, '_').replace(/=+$/, '');
    },
    // Decode url safe base64 encoding and add padding ('=')
    decodeBase64URLsafe: function (base64String) {
        base64String = base64String.replace(/-/g, '+').replace(/_/g, '/');
        while (base64String.length % 4) {
            base64String += '=';
        }
        return base64String;
    }
};

module.exports = utils;
-												Export 003

closes #3284

- ensure token tables aren't exported
- cleanup filename
- failed export throws internal server error

											
										
										
											2014-07-19 16:20:16 +04:00
+								var unidecode  = require('unidecode'),
-												Fix handling of slugs on import

closes Issue #5812

- pass importing property through to utils
- fix safeString method for imports

											
										
										
											2015-09-23 13:54:56 +03:00
+								    _          = require('lodash'),
-												Export 003

closes #3284

- ensure token tables aren't exported
- cleanup filename
- failed export throws internal server error

											
										
										
											2014-07-19 16:20:16 +04:00
 								    utils,
-												Server side cleanup

- remove sessions
- remove all references to csrf
- create a shared base model for the 2 types of token

											
										
										
											2014-07-14 16:29:45 +04:00
+								    getRandomInt;
-												Invite user API

closes #3080
- added users.invite() to add user from email with random password
- added `GET /ghost/api/v0.1/users/` to invite users and resend
invitations
- removed one user limit
- added global utils for uid generation
- changed some „“ to ‚‘

											
										
										
											2014-07-02 18:22:18 +04:00
+								/**
 								 * Return a random int, used by `utils.uid()`
 								 *
 								 * @param {Number} min
 								 * @param {Number} max
 								 * @return {Number}
 								 * @api private
 								 */
-												Server side cleanup

- remove sessions
- remove all references to csrf
- create a shared base model for the 2 types of token

											
										
										
											2014-07-14 16:29:45 +04:00
+								getRandomInt = function (min, max) {
-												Invite user API

closes #3080
- added users.invite() to add user from email with random password
- added `GET /ghost/api/v0.1/users/` to invite users and resend
invitations
- removed one user limit
- added global utils for uid generation
- changed some „“ to ‚‘

											
										
										
											2014-07-02 18:22:18 +04:00
+								    return Math.floor(Math.random() * (max - min + 1)) + min;
-												Server side cleanup

- remove sessions
- remove all references to csrf
- create a shared base model for the 2 types of token

											
										
										
											2014-07-14 16:29:45 +04:00
+								};
-												Invite user API

closes #3080
- added users.invite() to add user from email with random password
- added `GET /ghost/api/v0.1/users/` to invite users and resend
invitations
- removed one user limit
- added global utils for uid generation
- changed some „“ to ‚‘

											
										
										
											2014-07-02 18:22:18 +04:00
-												Server side cleanup

- remove sessions
- remove all references to csrf
- create a shared base model for the 2 types of token

											
										
										
											2014-07-14 16:29:45 +04:00
+								utils = {
-												Change refresh token expiry

no issue
- acquiring a new access token using a refresh token sets the
expiration time of the refresh token to now + 24 hrs.
- moved all occurrences of ONE_HOUR, ONE_DAY and ONE_YEAR to
`core/server/utils`

											
										
										
											2014-07-28 17:19:49 +04:00
+								    /**
 								     * Timespans in seconds and milliseconds for better readability
 								     */
-												Change session length to 7 days

refs #5202

- this is just a stopgap to deliver minor improvement short term,
- longer term we will do the work to refresh refresh tokens & switch this to a month

											
										
										
											2015-05-08 17:54:12 +03:00
+								    ONE_HOUR_S:          3600,
 								    ONE_DAY_S:          86400,
 								    ONE_YEAR_S:      31536000,
 								    ONE_HOUR_MS:      3600000,
 								    ONE_DAY_MS:      86400000,
 								    ONE_WEEK_MS:    604800000,
 								    ONE_MONTH_MS:  2628000000,
 								    ONE_YEAR_MS:  31536000000,
-												Change refresh token expiry

no issue
- acquiring a new access token using a refresh token sets the
expiration time of the refresh token to now + 24 hrs.
- moved all occurrences of ONE_HOUR, ONE_DAY and ONE_YEAR to
`core/server/utils`

											
										
										
											2014-07-28 17:19:49 +04:00
-												Invite user API

closes #3080
- added users.invite() to add user from email with random password
- added `GET /ghost/api/v0.1/users/` to invite users and resend
invitations
- removed one user limit
- added global utils for uid generation
- changed some „“ to ‚‘

											
										
										
											2014-07-02 18:22:18 +04:00
+								    /**
 								     * Return a unique identifier with the given `len`.
 								     *
 								     *     utils.uid(10);
 								     *     // => "FDaS435D2z"
 								     *
 								     * @param {Number} len
 								     * @return {String}
 								     * @api private
 								     */
 								    uid: function (len) {
 								        var buf = [],
 								            chars = 'ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789',
 								            charlen = chars.length,
 								            i;
 								        for (i = 1; i < len; i = i + 1) {
 								            buf.push(chars[getRandomInt(0, charlen - 1)]);
 								        }
 								        return buf.join('');
-												Export 003

closes #3284

- ensure token tables aren't exported
- cleanup filename
- failed export throws internal server error

											
										
										
											2014-07-19 16:20:16 +04:00
+								    },
-												Fix handling of slugs on import

closes Issue #5812

- pass importing property through to utils
- fix safeString method for imports

											
										
										
											2015-09-23 13:54:56 +03:00
+								    safeString: function (string, options) {
 								        options = options || {};
 								        // Handle the £ symbol separately, since it needs to be removed before the unicode conversion.
-												Makes most special characters be replaced with a dash

closes #4782
- Still achieves the same goal of stripping out reserved characters
- Changes from removal to replacement
- This helps word separators from being removed
- Apostrophes (') are unaffected

											
										
										
											2015-01-10 06:31:47 +03:00
+								        string = string.replace(/£/g, '-');
-												Export 003

closes #3284

- ensure token tables aren't exported
- cleanup filename
- failed export throws internal server error

											
										
										
											2014-07-19 16:20:16 +04:00
 								        // Remove non ascii characters
 								        string = unidecode(string);
-												Makes most special characters be replaced with a dash

closes #4782
- Still achieves the same goal of stripping out reserved characters
- Changes from removal to replacement
- This helps word separators from being removed
- Apostrophes (') are unaffected

											
										
										
											2015-01-10 06:31:47 +03:00
+								        // Replace URL reserved chars: `:/?#[]!$&()*+,;=` as well as `\%<>|^~£"`
 								        string = string.replace(/(\s|\.|@|:|\/|\?|#|\[|\]|!|\$|&|\(|\)|\*|\+|,|;|=|\\|%|<|>|\||\^|~|"|–|—)/g, '-')
 								            // Remove apostrophes
 								            .replace(/'/g, '')
-												Export 003

closes #3284

- ensure token tables aren't exported
- cleanup filename
- failed export throws internal server error

											
										
										
											2014-07-19 16:20:16 +04:00
+								            // Make the whole thing lowercase
 								            .toLowerCase();
-												Fix handling of slugs on import

closes Issue #5812

- pass importing property through to utils
- fix safeString method for imports

											
										
										
											2015-09-23 13:54:56 +03:00
+								        // We do not need to make the following changes when importing data
 								        if (!_.has(options, 'importing') || !options.importing) {
 								            // Convert 2 or more dashes into a single dash
 								            string = string.replace(/-+/g, '-')
 								                // Remove trailing dash
 								                .replace(/-$/, '')
 								                // Remove any dashes at the beginning
 								                .replace(/^-/, '');
 								        }
-												Makes most special characters be replaced with a dash

closes #4782
- Still achieves the same goal of stripping out reserved characters
- Changes from removal to replacement
- This helps word separators from being removed
- Apostrophes (') are unaffected

											
										
										
											2015-01-10 06:31:47 +03:00
 								        // Handle whitespace at the beginning or end.
 								        string = string.trim();
-												Export 003

closes #3284

- ensure token tables aren't exported
- cleanup filename
- failed export throws internal server error

											
										
										
											2014-07-19 16:20:16 +04:00
+								        return string;
-												URL safe base64 encoding

closes #3872
- updated base64 escaping to respect + and \
- updated base64 escaping to remove = during transport
- updated tests

											
										
										
											2014-12-01 18:59:49 +03:00
+								    },
-												Fixed typos

											
										
										
											2015-03-15 00:50:00 +03:00
+								    // The token is encoded URL safe by replacing '+' with '-', '\' with '_' and removing '='
-												URL safe base64 encoding

closes #3872
- updated base64 escaping to respect + and \
- updated base64 escaping to remove = during transport
- updated tests

											
										
										
											2014-12-01 18:59:49 +03:00
+								    // NOTE: the token is not encoded using valid base64 anymore
 								    encodeBase64URLsafe: function (base64String) {
 								        return base64String.replace(/\+/g, '-').replace(/\//g, '_').replace(/=+$/, '');
 								    },
 								    // Decode url safe base64 encoding and add padding ('=')
 								    decodeBase64URLsafe: function (base64String) {
 								        base64String = base64String.replace(/-/g, '+').replace(/_/g, '/');
 								        while (base64String.length % 4) {
 								            base64String += '=';
 								        }
 								        return base64String;
-												Invite user API

closes #3080
- added users.invite() to add user from email with random password
- added `GET /ghost/api/v0.1/users/` to invite users and resend
invitations
- removed one user limit
- added global utils for uid generation
- changed some „“ to ‚‘

											
										
										
											2014-07-02 18:22:18 +04:00
+								    }
 								};
-												Add jscs task to grunt file and clean up files to adhere to jscs rules.

resolves #1920

- updates all files to conform to style settings.

											
										
										
											2014-09-10 08:06:24 +04:00
+								module.exports = utils;